Wednesday, July 22, 2015

You will get updates like it or not
License
agreement: 'receive these types of automatic updates without any
additional notice'.

Will be sold on USB drives (no need for DVD
drive!)
Seen on Amazon.com's pre-order page; US release date
likely August 30th

Price
for Windows 10 Home $119.99, for Windows 10 Pro $199.99

Adobe Flash player

A seemingly
endless saga of bugs and updates.
Per July 20th
you should be at version 18.0.0.209; everything below that is
potentially dangerous!
Mozilla on July 20th
temporarily blocked Flash Player in Firefox!

This month's Patch Tuesday fixed 59
vulnerabilities

Microsoft stops AV support for XP

Microsoft
Security Essentials nolonger updated on Window XP
Yes, there are
still about 180
million people
using it!

WPA-TKIP can be cracked in an hour!Check
your WiFi setup.
I know many (older?) DSL routers that have
ONLY WPA-TKIP; they need to be replaced!

Google Chrome to add RED SCREEN warning

Only for ads with
malicious content, known malicious web pages and web sites.

CVS's photo web site hacked and off-lineOther
possibly affected firms are Walmart, Costco, Tesco, Asda & Marks
and Spencer; they all used Canada-based PNI Digital Media.
I
recently tried the CostCo web service and was appalled by it's bad
user interface; I ran away real quick.

Updated A Windows 10 feature, Wi-Fi Sense, smells like a security risk: it can share access to Wi-Fi networks with the user's contacts.

Wi-Fi Sense has been on Windows Phone since 8.1

Those contacts include their Outlook.com (nee
Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook
friends. There is method in the Microsoft madness – it saves having to
shout across the office or house “what’s the Wi-Fi password?” – but ease
of use has to be teamed with security. If you wander close to a
wireless network, and your friend knows the password, and you both have
Wi-Fi Sense, you can log into that network.

Wi-Fi Sense doesn’t
reveal the plaintext password to your family, friends, acquaintances,
and the chap at the takeaway who's an Outlook.com contact, but it does
allow them, if they are also running Wi-Fi Sense, to log in to your
Wi-Fi. The password must be stored centrally by Microsoft, and is copied
to a device for it to work; Microsoft just tries to stop you looking at
it. How successful that will be isn't yet known.
"For networks
you choose to share access to, the password is sent over an encrypted
connection and stored in an encrypted file on a Microsoft server, and
then sent over a secure connection to your contacts' phone if they use
Wi-Fi Sense and they're in range of the Wi-Fi network you shared," the Wi-Fi Sense FAQ states.
Microsoft
also adds that Wi-Fi Sense will only provide internet access, and block
connections to other things on the wireless LAN: "When you share
network access, your contacts get internet access only. For example, if
you share your home Wi-Fi network, your contacts won't have access to
other computers, devices, or files stored on your home network."
That
sounds wise – but we're not convinced how it will be practically
enforced: if a computer is connected to a protected Wi-Fi network, it
must know the key. And if the computer knows the key, a determined user
or hacker will be able to find it within the system and use it to log
into the network with full access.
In theory, someone who wanted
access to your company network could befriend an employee or two, and
drive into the office car park to be in range, and then gain access to
the wireless network. Some basic protections, specifically ones that
safeguard against people sharing their passwords, should prevent this.
The
feature has been on Windows Phones since version 8.1. If you type the
password into your Lumia, you won’t then need to type it into your
laptop, because you are a friend of yourself. Given the meagre installed base of Windows Phones it's not been much of a threat – until now.
With
every laptop running Windows 10 in the business radiating access, the
security risk is significant. A second issue is that by giving Wi-Fi
Sense access to your Facebook contacts, you are giving Microsoft a list
of your Facebook friends, as well as your wireless passwords.
In an attempt to address the security hole it has created, Microsoft offers a kludge of a workaround: you must add _optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense.
(So if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. Technology is great.)
Microsoft
enables Windows 10's Wi-Fi Sense by default, and access to
password-protected networks are shared with contacts unless the user
remembers to uncheck a box when they first connect. Choosing to switch
it off may make it a lot less useful, but would make for a more secure
IT environment.
Yes, wireless passwords can be written down and
trivially passed along to others: we know network security shouldn't end
at the Wi-Fi login prompt. But there's nothing like an OS automating
the practice of blabbing passphrases to your mates, eh?

Updated to add

A
Microsoft PR rep has been in touch about the headline, pointing out
that when you share access to your network via Wi-Fi Sense, your
contacts cannot share that access to other people. We know this.
The
headline still stands because: imagine you and I are friends, and you
visit my house. I tell you the Wi-Fi password, or you read it off the
fridge. You type it into your Windows 10 device, and access to my
network is shared via Wi-Fi Sense with your Windows 10 friends. Your
friends now have access to my network, or in other words, my friend's
friends now have access to the network.
And that's not good.
--------------------------

So far for the article from The Register.

By now I have installed several versions of Windows 10 Preview and the install process has changed over time - which is to be expected in a preview for testing of a product that is in active development. The last install(s) have asked questions about sharing Wi-Fi keys and I have declined. By the way, I am planning an extensive article about the install process of Windows 10.

I have declined to share Wi-Fi keys because I read the questions before I ACCEPT the default settings. These preselected default settings more often that not help Microsoft rather than the individual user; that at least is my experience with Microsoft software and products since I know them - and that is only since about the early 1980s.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Thursday, July 2, 2015

I hardly can count how often I have spoken in my radio shows about repair scams and other tricks crooks use to scare unsuspecting computer users into handing over their credit card info; that is what all these and similar scams come down to.

Here is only a small selection of articles from this blog that deal with various aspects of this situation - with NO claim of completeness at all:

The newest twist in this never ending saga happens as follows: You are on a web site you have been on many, many times, let's say for information on your favorite hobby. Naturally after having used that web site for years you assume it is "clean" and the information from there is valid.

But suddenly you get a pop up window or some other kind of message informing you that "your computer has been reported" to some "Windows Security" team or it "is infected with 567 viruses" or similar.

This sort of pop up is by definition a scam!

Do not click anywhere in this window.

If applicable DO NOT call the toll free phone number givin in the message.

Do NOT "x out" of this window, that is do not click on the "red X" in the top right corner of the window to close it.

The only safe way out of such windows and/or messages is to close them with Alt+F4, that is holding down the Alternate key and while holding this key down pressing function key F4.

Beside getting out of this window safely I would avoid ever again going to this web site. There is almost always some alternative.

Why did I above say "... is by definition a scam"?

There is no "Windows Security" team or company or anything even vaguely similar.

You Windows operating system does NOT report any info to anybody; only malicious software does that!

Neither Microsoft nor any of their partner companies care about your computer's and your well being!

You don't even have to take alone my word for it; here are links to two very official web pages about that exact same issue:

About Me

52 years in Information Technology and 34 years of experience with PCs as of 2016. Specialized in non-destructive virus and malware removal, home computer protection and showing my customers how to keep their computers "mean and clean". From 2004 to 2015 I was the regular computer guru on a local radio call-in talk show. From April 2015 through April 2016 I was bi-wwekly on WBKV 1470AM. I offer only house calls and work exclusively on MS-Windows. I do NOT sell hardware or software, I sell only my know how, my experience and my time.